
Serious flaw on OS X

December 4, 2008 in Security by Vincent King

Published: 2006-02-21, Last Updated: 2006-02-21 22:15:27 UTC     -     by Kyle Haugsness (Version: 3)

… a serious vulnerability has been found in Apple Safari on OS X. “In its default configuration shell commands are execute[d] simply by visiting a web site – no user interaction required.” This could be really bad. Attackers can run shell scripts on your computer remotely just by visiting a malicious website.

Full text of the article: http://www.heise.de/english/newsticker/news/69862
Proof of concept from the original discoverer (Michael Lehn): http://www.mathematik.uni-ulm.de/~lehn/mac.html

The problem is due to a feature that is activated by default: Open Safe Files after downloading. Zip files are considered safe, so they are opened automatically. Subsequently, a shell script with no #! at the beginning of the script will be executed automatically. No user interaction!




Manage Money

November 26, 2008 in Business, Checklist, Employment by Vincent King

This entry is part 1 of 1 in the series Cash Flow

Recommended:

Money savings expert




Setup Cash Flow

November 16, 2008 in Business, Checklist by Vincent King

This entry is part 5 of 6 in the series Entrepreneur


